tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

mm: fix page_lock_anon_vma leaving mutex locked

On one machine I've been getting hangs, a page fault's anon_vma_prepare()
waiting in anon_vma_lock(), other processes waiting for that page's lock.

This is a replay of last year's f18194275c39 "mm: fix hang on
anon_vma->root->lock".

The new page_lock_anon_vma() places too much faith in its refcount: when
it has acquired the mutex_trylock(), it's possible that a racing task in
anon_vma_alloc() has just reallocated the struct anon_vma, set refcount
to 1, and is about to reset its anon_vma->root.

Fix this by saving anon_vma->root, and relying on the usual page_mapped()
check instead of a refcount check: if page is still mapped, the anon_vma
is still ours; if page is not still mapped, we're no longer interested.

Signed-off-by: Hugh Dickins <hughd@google.com>
Signed-off-by: Linus Torvalds <torvalds@linux-foundation.org>

authored by

Hugh Dickins and committed by
Linus Torvalds eee0f252 5dbe0af4

+8 -5
+8 -5
mm/rmap.c
··· 405 405 struct anon_vma *page_lock_anon_vma(struct page *page) 406 406 { 407 407 struct anon_vma *anon_vma = NULL; 408 + struct anon_vma *root_anon_vma; 408 409 unsigned long anon_mapping; 409 410 410 411 rcu_read_lock(); ··· 416 415 goto out; 417 416 418 417 anon_vma = (struct anon_vma *) (anon_mapping - PAGE_MAPPING_ANON); 419 - if (mutex_trylock(&anon_vma->root->mutex)) { 418 + root_anon_vma = ACCESS_ONCE(anon_vma->root); 419 + if (mutex_trylock(&root_anon_vma->mutex)) { 420 420 /* 421 - * If we observe a !0 refcount, then holding the lock ensures 422 - * the anon_vma will not go away, see __put_anon_vma(). 421 + * If the page is still mapped, then this anon_vma is still 422 + * its anon_vma, and holding the mutex ensures that it will 423 + * not go away, see __put_anon_vma(). 423 424 */ 424 - if (!atomic_read(&anon_vma->refcount)) { 425 - anon_vma_unlock(anon_vma); 425 + if (!page_mapped(page)) { 426 + mutex_unlock(&root_anon_vma->mutex); 426 427 anon_vma = NULL; 427 428 } 428 429 goto out;